From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] apache: generating unique prime numbers and forbid use of weak DH cipher suites
Date: Thu, 04 Jun 2015 18:05:20 +0200
Message-ID: <1433433920.25208.15.camel@ipfire.org>
In-Reply-To: <556EBA75.1040005@web.de>

Hi,

On Wed, 2015-06-03 at 10:27 +0200, IT Superhack wrote:
> Hello Michael,
>
> I tested a bit in the last hours. There were a few issues I discovered
> and I had to change my patch.
>
> First, the prime number generation is much slower than I expected - it
> took up to 20 minutes on my system. (I guess I had a lucky moment when I
> wrote the last mail to you...)

That is a no-go then. The key will be generated when the system boots up
for the first time. Nobody will wait half an hour until that has
completed.

We always prefer security over usability but it must still be possible
to set up a fresh system within minutes.

I am not opposed to the idea in general. In fact I would like to use an
own DH key for each system as this patch suggests, but the solution must
be less interruptive to the user.

> Second, Apache seems to ignore the DH prime numbers. On
> https://weakdh.org/sysadmin.html it says that Apache 2.4.8 or newer is
> required for the "SSLOpenSSLConfCmd" option.
>
> I have therefore decided to switch DH off, and use ECDHE only, which is
> more safe and - by the way - faster than DH. This is not a problem,
> because modern browsers support ECDHE, except for some exotic clients
> such as Android 2.3.7 and Java Client 6u45.

We can definitely not use only ECDHE. Many OSes do not support elliptic
curve cryptography not only because of their age but often because of
patents. RedHat still disables all ECC in openssl for all their
distributions.

> And yes, you were right: The DES-suites were ignored. Please see the new
> cipher list in the patch below. In my opinion, the patch is now ready
> for merging, unless you have something against it.
>
> Signed-off-by: Timmothy Wilson
> --- > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf > index daac757..a8bbae7 100644 > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> @@ -9,7 +9,7 @@ > TransferLog /var/log/httpd/access_log > SSLEngine on > SSLProtocol all -SSLv2 -SSLv3 > - SSLCipherSuite > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-= GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AE= S128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256= :ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-EC= DSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-= SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS= -AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES= 256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK > + SSLCipherSuite > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-= GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AE= S128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256= :ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-EC= DSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA2= 56:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:CAMELLIA:HIGH:!DH:!LOW:!aNUL= L:!eNULL:!EXPORT:!3DES:!DES:!RC4:!MD5:!PSK:!aECDH > SSLHonorCipherOrder on > SSLCertificateFile /etc/httpd/server.crt > SSLCertificateKeyFile /etc/httpd/server.key > Sorry for my harsh words in my last mail about pseudonyms and this stuff. No worries. 
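
Review bot: In the added SSLCipherSuite line, !DH removes every DHE suite, yet DHE-RSA-AES128-GCM-SHA256, DHE-DSS-AES128-GCM-SHA256 and kEDH+AESGCM are still listed near the front, so those three entries can never be selected. Drop them if DH is really meant to be off, or, since the reply above rules out an ECDHE-only setup, keep the DHE entries and leave out !DH. As written, a client without ECDHE support falls through to the plain RSA key-exchange suites (AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256), which give no forward secrecy, and that trade-off should be stated in the commit message. The newly added CAMELLIA and !aECDH keywords also deserve a word of explanation there.
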
>
> Best regards,
> Timmothy Wilson

-Michael